- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) K Responsive to communication(s) filed on 08 July 2004.
2a) S This action is FINAL. 2b) n This action is non-final.

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) S Claim(s) 1-24 and 26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) \Z\ Claim(s) is/are allowed. 

6) S Claim(s) 1-24 and 26 is/are rejected.

Claim(s) is/are objected to.

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10)S The drawing(s) filed on 08 July 2004 is/are: a)^ accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) n All b) n Some * c) ^ None of:

1. □ Certified copies of the priority documents have been received.

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ^ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date .

4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date. .

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: .
DETAILED ACTION

Claim Rejections - 35 USC § 103

1. This application currently names joint inventors. In considering patentability of the
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various
claims was commonly owned at the time any inventions covered therein were made absent any
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) and
potential 35 U.S.C. 102(f) or (g) prior art under 35 U.S.C. 103(a). 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

1. Claims 11-24, 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over Reid et al.
with US Patent No. 6,182,226 in view of Antur et al. with Patent Number 6,212,558. 

2. As per claim(s) 11, 23, Reid discloses a configuration machine (See Column 3 Lines 26-
35) including domains (i.e., servers & workstations) having an access control policy and an
established configuration machine (i.e., Firewall SECURE ZONE (34)), (See Column 2 Lines
53-67) for grouping the domains of the system into internal and external protection domains,
col. 2, lines 61-64, a firewall ensuring the protection of an internal domain relative to an external
domains, and means for applying to the firewall in question a rule (i.e., access rules) for
controlling access between a source resource and a destination resource only if said source and 
destination resources belong to the same protection domain or (See Column 5 Lines 32-67 & 
Column 6 Lines 1-19). Reid teaches groups including zones, col. 10, lines 53-54. Reid teaches 
access control rules with specific scopes, col. 5, lines 53-57 and whether to apply said rules, col. 
5, lines 61-63. Reid teaches the invention in the above claim(s) except for explicitly teaching 
central management or machines. In that Reid operates to generate service requests in a 
firewalled network, the artisan would have looked to the network firewall arts for details of 
implementing access controls. In that art, Antur, a related network firewall adapter, teaches 
"central points of administration for entire networks", col. 3, lines 51-52 in order to access rules. 
Antur specifically teaches central management, col. 6, lines 47-49. Further, Antur suggests "a 
central database", col. 8, lines 43-45 will result from implementing his management. The 
motivation to incorporate central management insures that control is maintained. Thus, it would 
have been obvious to one of ordinary skill in the art to incorporate central management as taught 
in Antur into the security system described in the Reid patent because Reid operates with various 
management systems and Antur suggests that optimization can be obtained with central 
management. Therefore, by the above rationale, the above claim(s) are rejected.

1. As per claim(s) 12, Reid teaches the claimed invention as described in claim(s) 11 above
and furthermore discloses determining the protection domain of the resources by means of 
firewall network interfaces through which communications pass in order to reach said resources, 
(See Column 3 Lines 17-30). 

2. As per claim(s) 13, Reid teaches the claimed invention as described in claim(s) 11-12
above and furthermore discloses defining zones, (i.e., DMZ), (See Column 3 Lines 1-15) 
comprising networks or sub-networks, associating the network interfaces of firewalls to which 
said zones; wherein provides protected access to server to internal user & external entities are 
connected with an internal or external domain, determining the incoming and outgoing network 
interfaces, (See Column 4 Lines 49-67 & Column 5 Lines 1-15) of current traffic, analyzing 
whether said network interfaces are attached to an internal or external domain, and applying the 
rule for controlling access only if both network interfaces are attached to the same internal 
domain, and the resources belong to the same protection domain, (See Column 3 Lines 19-40). 

3. As per claim(s) 14, Reid teaches the claimed invention as described in claim(s) 11-13 
above and furthermore discloses composes groups of objects (i.e., regions) for which the access
control policy is identical (i.e., same regions) and the rule for controlling access is applied 
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 

4. As per claim(s) 15, Reid teaches the claimed invention as described in claim(s) 11-14 
above and furthermore discloses it composes groups of objects (i.e., regions) for which the
access control policy is identical (i.e., same regions) and the rule for controlling access is applied 
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 

5. As per claim(s) 16, Reid teaches the claimed invention as described in claim(s) 11-15
above and furthermore discloses composes groups of objects (i.e., regions) for which the access 
control policy is identical (i.e., same regions) and the rule for controlling access is applied 
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 

6. As per claim(s) 17, Reid teaches the claimed invention as described in claim(s) 11-16 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said
resources belong to the same protection domain when the scope of the rule is local, and applying
the rule to all of the resources in question when the scope of the rule is global, (See Column 5
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

7. As per claim(s) 18, Reid teaches the claimed invention as described in claim(s) 11-17 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

8. As per claim(s) 19, Reid teaches the claimed invention as described in claim(s) 11-18 
above and furthermore discloses characterizing the rule for controlling access with a local or
global scope; wherein a local scope is interpreted as rules that are specific to the network the
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

9. As per claim(s) 20, Reid teaches the claimed invention as described in claim(s) 11-19
above and furthermore discloses characterizing the rule for controlling access with a local or
global scope; wherein a local scope is interpreted as rules that are specific to the network the
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

10. As per claim(s) 21, Reid teaches the claimed invention as described in claim(s) 11-20
above and furthermore discloses characterizing the rule for controlling access with a local or
global scope; wherein a local scope is interpreted as rules that are specific to the network the
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said
resources belong to the same protection domain (5) or (6) when the scope of the rule is local, and 
applying the rule to all of the resources in question when the scope of the rule is global, (See 
Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

11. As per claim(s) 22, Reid teaches the claimed invention as described in claim(s) 11-21 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

12. As per claim(s) 24, Reid teaches the claimed invention as described in claim(s) 23 above 
and furthermore discloses it further comprises a graphical interface from which an administrator
can enter the domains and the access control rules, (See Column 7 Lines 8-39). 

3. As per claim(s) 26, Reid teaches the claimed invention as described in claim(s) 23-25
above and furthermore discloses the graphical interface allows the administrator to define a local
or global scope for the access control rule, wherein a local scope is interpreted as rules that are
specific to the network the firewall is connected to, such as, "allow or deny terminal nodes" or
"decision nodes" or "alerts" where only the specific users are affected to the applied rules;
Similarly, global scope rules are rules applied throughout the network such as "filter nodes"
where the rule is applied to www connections where www is the entire network; it is therefore
the examiner's humble request that the applicant read the cited column and line numbers to its
entirety to gain full understanding of the rules defined in the reference, and in that the machine 
applies the rule to the resources in question only if said resources belong to the same protection 
domain when the scope of the rule is local, and applies the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 
7 Lines 1-59). 

Response to Amendment 

1. Based on the new grounds for rejection the applicant's arguments are moot. The broad
claim language used is interpreted on its face and based on this interpretation the claims have 
been rejected. 

2. The limited structure claimed, without more functional language, reads on the references 
provided. Thus, Applicant's arguments can not be held as persuasive regarding patentability. 

3. Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a
general allegation that the claims define a patentable invention without specifically pointing out 



Application/Control Number: 09/740.801 Page 10 

Art Unit: 2141 

how the language of the claims patentably distinguishes them from the cited portions of the 
references and relevant portions of the reference. 

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

5. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Stephan Willett whose telephone number is (571) 272-3890. The 
examiner can normally be reached Monday through Friday from 8:00 AM to 6:00 PM. 

7. If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Rupal Dharia, can be reached on (571) 272-3880. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 272-0044. 

8. Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (571) 272-2100. 